Tunneled and Encrypted Ethernet Link Question

andymonteverde · ‎03-18-2012

I have a question I need help with. It's an interview question that I need to prepare for and was wondering if anyone can help me out with it. Thanks!

You are given a point-to-point gigabit Ethernet link that is tunneled and encrypted. You are told that applications are not performing well or do not work at all. What are router or switch configuration changes you might make to ensure that applications would perform better? Are there any considerations?

Leo Laohoo · ‎03-18-2012

1. Check the duplex and speed settings for possible mismatch on the server side interface.

2. Check for collissions or output drops on the server side interface.

3. Check the the speed and duplex settings at the client side.

4. Check for output drops at the client side.

5. Check for ACLs or firewall issues.

6. Run Wireshark to determine if there are issues with the application.

7. Check for over-utilization of the link when issues occur.

PS: I am presuming that the GRE tunnel works 100%.

Richard Burts · ‎03-18-2012

Leo presents some good suggestions about this question. And I will take a slightly different approach to give you a somewhat different viewpoint. One thing that is similar in tunnels and in encryption/VPN is that they add extra information to the header and this may cause problems with maximum frame size and fragmentation. The generic solution for this is to reduce the MTU/maximum frame size of packets going through the interface.

The consideration about this is that reducing the frame size will have (somwhat of a) impact on performance since using smaller packets may require more packets to carry the same amount of data between the peers. In reality the impact is likely to be small. But in terms of interview questions it should be mentioned.

HTH

Rick

HTH

Rick

andymonteverde · ‎03-18-2012

Thanks Richard. I posted the same question on another message board and someone brought up that the question might be referring to a QinQ trunk. In this case, wouldn't you increase the mtu to 1504 to account for the added vlan tag. Is a QinQ even a possibility?

andymonteverde · ‎03-18-2012

Thanks for the help leolaohoo. Is a GRE tunnel the most likely way (or only way) the link described in the question would be setup?

Leo Laohoo · ‎03-18-2012

Is a GRE tunnel the most likely way (or only way) the link described in the question would be setup?

No way to tell.

I mean if they drop you in the water running, then the first order of business is to ensure your link is UP and working fine. Users are able to login, check emails, network shares, etc.

Problems with specific applications depend entirely on alot of major factors. Could be the server, could be the client, could be the link. Anything can go wrong.

The question is designed to see how the applicant can be "creative" or how well can you organize yourself in troubleshooting something, what is your conduct and decorum.

They don't expect you to know all the tools and goodies. The client wants to know HOW DO YOU THINK, how do you get around doing things. Do you loose your cool? Do you un-ravel? Do you get do down on your knees and cry.

In an interview, look at the interviewer straight in the eye. But, for your sake, DO NOT LOOK DOWN TO THE LEFT!

andymonteverde · ‎03-18-2012

That's great advice! Thanks again!